Vulnerability in EPiServer.Forms
Hi, simple question:
Is there a way to hide a page template in an EPiServer multi site envirionment so that only one site can access a specific page template.
Do you mean hiding it in the CMS, so content editors can choose it? You could do so by setting access rights attributes on the page types:
I havent tried but I guess you could use virtual roles and permissions.
At init create a virtual role for each site and set permissions on the pagetypes to make them available to the sites that should have them.
@Patrick: As I understand, setting access rights is only working for specifying which page templates should be available under another page template. I cannot find any way to restrict a page template to a specific site i our multi site solution.
@Thomas: But since we use the same page templates on booth sites this does not seem to solve my problem? or do I understand you wrong?
Wouldn't be a solution to define a content editor user for each site in your multi-site environment. And set the Access attribute on you page type. Below an explanation of the Access attribute:
'The optional Access attribute defines which users, roles, and visitor groups that will have access rights to create content of a specific type in the user interface. Filtering based on this attribute is applied after ordinary access rights on content.'
Property nameDescriptionBehavior if not specified
Permissions are not limited to a single role - you could give multiple roles access to a ContentType.
Patricks solution do not require any coding at all - only restructuring your existing access/editor roles, and probably the easiest to implement and maintain.